CLI Referencevalqore scan
valqore scan
Scan a live Kubernetes cluster against Valqore's full rule set.
valqore scan
Scan a live Kubernetes cluster and evaluate all discovered resources against Valqore's full rule set. Uses your current kubeconfig context.
Usage
valqore scan [OPTIONS]Options
| Flag | Default | Description |
|---|---|---|
--namespace <ns> | all | Limit scan to a specific namespace. |
--carbon-region <region> | us-east-1 | Cloud region for carbon-intensity calculations. |
--output <format> | table | Output format: table, json, or yaml. |
Prerequisites
- A valid kubeconfig with an active context pointing to the target cluster.
- A read-only ClusterRole:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: valqore-reader
rules:
- apiGroups: ["", "apps", "batch", "networking.k8s.io", "rbac.authorization.k8s.io"]
resources: ["*"]
verbs: ["get", "list"]Example
$ valqore scan --namespace production --carbon-region eu-west-1
Scanning cluster: eks-prod
Namespace: production
Discovered: 12 Deployments, 4 StatefulSets, 8 Services, 3 Ingresses
RULE SEV RESOURCE STATUS
sec-no-root BLOCK Deployment/api-server FAIL
sec-no-privileged BLOCK DaemonSet/node-exporter FAIL
cost-cpu-request-missing BLOCK Deployment/cron-runner FAIL
cost-idle-resources WARN Deployment/legacy-adapter FAIL
Score: 58/100 | Est. Cost: $1,240/mo | Carbon: 67 kg CO₂e/mo
Scanned 49 resources in 2.3sFull Cluster Scan
# JSON output for CI
valqore scan --output json > cluster-report.json
# Filter blocking issues
valqore scan --output json | jq '.results[] | select(.severity == "BLOCK")'Was this helpful?
Prev
Next